Sample details: 6c2eab60c520d2a4d507a137f9b18af5 --

Hashes
MD5: 6c2eab60c520d2a4d507a137f9b18af5
SHA1: 35dbe0319c0dab6ced20c5906919eecf31d8f7a1
SHA256: 979c6753c0a423f660a25b95cfc2d82d13de0c37849871dab6350b09a02e5263
SSDEEP: 3072:LdVwig+Mpe8m9cQ1VQf2Jk5/TU74TyGYwDVDm2/106xH3SMG/Z8JWS/22gTlptSO:5VbdPCRoET16vxZ8JD+DTlLS1AkheA8
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/disable_antivirus | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32b_poly_Constant | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API |
Parent Files
02b21324b62736bf54e4529dd2fec37f
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
 http://www.clickteam.com
[u4j&V
D$lSU3
T$ QRPV
L$ RQPV
T$ QRVW
L$ PQUW
L$tVQW
L$4VQS
D$4VPQ
T$tG;z
t$$VPRj
D$8RQWP
D$%S<:W
L$/h8SB
t^8\$,u
t'Fj\V
HSVWteH
uQhPSB
u!hLSB
|$(namet
D$$PQR
TSUVWh
T$ QRSSj j
L$TWVQ
L$TWSQ
L$LWSQ
It%It	_
D$$SVW3
T$DSJRj
D$PQRVPU
D$TQRVPU
QRWWWP
WRPjpQ
L$@SUV
<0|:<Z
AFf;L$
<0|:<Z
AFf;L$
<0|;<Z
AFf;L$Xr
D$4;D$@
AFf;L$Xr
D$4;D$@
WPh`%B
T$0j.R
D$$_^][
T$,PQRV
L$0PQh
t?<-t;</t7<\t3<*t/<#t+<+t'<_t#
<8~ <A
t$(PQh
L$,RPQ
u#j@j#j
D$8RPh
T$@htTB
9};H$u
9};H$u
SUVWP3
@PhxTB
L$$jAQ
tTHt7Ht
D$$QWP
D$ QSP
l$ VWh`WB
D$$RPj
D$4RVP
T$8WRS
T$(htWB
D$TRUhlWB
T$$Qh?
D$$RPh
B8PSSS
RPQSUj
SVUPQR
L$ThlPB
L$<WQV
PQh@PB
u!PPPPPj
T$$PQR
L$0PQV
L$4QRPS
L$<QRPW
D$,_^][
L$0Hu`
t$(SUWRPh
l$@PQj
9};H$t0;H
T$4WVSR
.clit/
8"u$_@^
D$(htWB
L$,UQR
D$8Rh0YB
D$(XPB
VQSWPj
\$4u	_^3
T$DQRS
T$DQRS
L$DPQS
]t	_^3
T$ QRj
(http://www.clickteam.com/pub
;l$$up3
;l$$uP
;D$`}"
~(9~$u
T$LPQR
|$HPWS
L$(RPQ
T$DPVS
T$LRWS
T$,RWV
T$,RWV
T$,RWV
L$,QWV
T$,RWV
L$ RUPj
T+3x%A
;D$<s!
T$,PQh
L$(SUV
N4_^]3
YYh(PB
QQSVWd
t.;t$$t(
^}%95|
Y;5D{B
$ < u	
[Sh8(B
"WWSh4(B
sO;>|C;~
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
DSUVWh
VC20XC00U
^Vh8(B
PVh4(B
QSUVW3
>:uNFV
>:u#FV
tPht,B
HHtYHHtF
+ttHHtd
t/WWUPj
QQSVW3
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\Uninstall\
#parent#
\VarFileInfo\Translation
Microsoft\Internet Explorer\Quick Launch
Software\Microsoft\Windows\CurrentVersion\Fonts
Software\Microsoft\Windows NT\CurrentVersion\Fonts
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
ole32.dll
SHELL32.dll
USER32.dll
VERSION.dll
GetModuleFileNameA
GetVersionExA
GetVersion
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
RemoveDirectoryA
MoveFileA
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
CreateDirectoryA
HeapFree
HeapAlloc
HeapCompact
TerminateProcess
ExitProcess
GetFileAttributesA
SetFileAttributesA
GetCurrentProcess
MoveFileExA
GetModuleHandleA
FormatMessageA
CopyFileA
SetFileTime
OpenFile
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
GetFullPathNameA
FindFirstFileA
FindClose
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTempPathA
CompareStringW
GetShortPathNameA
GetExitCodeProcess
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
GetWindowsDirectoryA
IsBadWritePtr
GetSystemDirectoryA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
GetOpenFileNameA
DeleteDC
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
DeleteObject
ExtTextOutA
CreateFontIndirectA
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetStretchBltMode
StretchDIBits
SetTextColor
SetBkMode
AddFontResourceA
SetBkColor
GetStockObject
RemoveFontResourceA
CoGetMalloc
CoCreateInstance
OleInitialize
OleUninitialize
DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles
ExitWindowsEx
IsIconic
PostQuitMessage
DefWindowProcA
DialogBoxParamA
PostMessageA
EndDialog
CheckDlgButton
SetTimer
BringWindowToTop
GetLastActivePopup
FindWindowA
RegisterClassA
LoadCursorA
SendMessageA
GetWindow
AdjustWindowRectEx
LoadIconA
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
DrawTextA
GetSystemMetrics
KillTimer
SendDlgItemMessageA
GetFocus
GetDlgItemTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
EnableWindow
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
PeekMessageA
wsprintfA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA
InstItClass
DllRegisterServer
DllUnregisterServer
ICLaunch
UninstallString
</blue>
<blue>
</green>
<green>
</red>
</white>
<white>
</black>
<black>
</font>
<fontsize=
</link>
<link=
CommonFilesDir
ProgramFilesDir
Software\Microsoft\Windows\CurrentVersion
GetDiskFreeSpaceExA
KERNEL32.DLL
\shell\open\command
https://
http://
 (TrueType)
SetThemeAppProperties
uxtheme.dll
msiexec
RichEdit
RICHEDIT
RichEdit20A
msctls_progress32
BUTTON
STATIC
reginfo.txt
.D%2.2d
\All Users\Application Data
Application Data
#Desktop#
#QuickLaunch#
#Startup#
#Start Menu#
#Date#
#UserRegCode#
#UserInfo#
#UserEmail#
#UserSerialNumber#
#UserCompany#
#UserName#
#SourceDir#
#InstallDir#
All Users
Profiles\All Users
\All Users
#AllUsersDir#
#UserDir#
Profiles\All Users\Documents
\All Users\Documents
All Users\Documents
#AllUsersDocuments#
Profiles\All Users\Application Data
All Users\Application Data
#AllUsersAppData#
Profiles\Administrator\Local Settings\Application Data
\Local Settings\Application Data
#LocalAppData#
Profiles\Administrator\Application Data
#AppData#
#MyDocuments#
#Program Files#
Common Files
#CommonFiles#
#TempDir#
#System#
#Windows#
%s "%s"
%s%3.3d
regtlib -q
regtlib
-q "%s"
LoadTypeLibEx
oleaut32.dll
regedit
-s "%s"
regsvr32 /s
DisplayName
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
InternetReadFile
InternetQueryDataAvailable
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
wininet.dll
file://
%s%d.bin
ictmp%d
 (error %4.4X)
Rename
\WININIT.INI
" /DEL
 /B%d /DEL
_inst%d.exe
SeShutdownPrivilege
rundll32 desk.cpl,InstallScreenSaver %s
RICHED32.DLL
RICHED20.DLL
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
??,EM66
?MVIF?DC
+JV\^^e`SIF
&J`ifehjfbeV`^
[ceXYfV
/&484'&
NKTRURRSUUUQKu
LDEGIJJJJJJHIFDt
BIHHHHHB
?BCCCCC?
<>ACAAA<
JSCAAAA;
qxyyyyyp
266)7w77--*
yyw77--)
y:77--)
yyw77--)
tutttttttt
=Wbbcefqqqqqqpqfofc_Ug
EE]^JkbfkeckckcfcbjJ^^FK
VcccccccccbF
Vbbcbccc[bYC
UXb[[[[[[[YC
>QYYYYYYYYR?
cY;YYYYYR>
qYSYSYR<
pY;PbU
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 
<assemblyIdentity 
version="1.0.0.0" 
processorArchitecture="X86" 
name="InstallProgram" 
type="win32" 
<description>Install Program</description> 
<dependency> 
<dependentAssembly> 
<assemblyIdentity 
type="win32" 
name="Microsoft.Windows.Common-Controls" 
version="6.0.0.0" 
processorArchitecture="X86" 
publicKeyToken="6595b64144ccf1df" 
language="*" 
</dependentAssembly> 
</dependency> 
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
	<security>
		<requestedPrivileges>
			<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
		</requestedPrivileges>
	</security>
</trustInfo>
</assembly> 
wwgT)H5
VrFb"=
BZh91AY&SY
>!RYMh
 II!,+M
|rH!- z
!g94go
,?<pvl
c'c$=4
5|(QT{
99mkw`~
i8cr5HE
__|cgx
p	1U*\
ZbXV%9O&
])AVLW
.lerUVg
TQMwn1
[xD&13
1	YVzK
(i<<].
e6H6&(*
bojF@C
gfd~*TV",
VrB[V)
k1pNwj
`0i(O:
[Co{Q|O
@`(Gln
gw/T*X
L,J-ME
V'SN~b
ciTW	T
/iIiz8R
QQb0cn
Ma(m+jq
Rj7l\a
5+m*ZU
5DQ"(#
I-)I-Rp)
F0bbp,
D)*a$3
8@;#|j]m
-Pj=1@+
-JHMKp
ZJ'm[nj
?,9nwG
F"Wbh(
TPRp,~
#88[=t
$5Y{~A
JBL4*<
06YTJF
~TSl?j6
j_6&da
)RGHa\
u6Qxu3
p7)?A]
~&P0uBd
*]BoK-M
63}5pd
N.dE=(
0vV1VT?O:
(z+p),
:|i0n$hK^8
<&.1AY
~~v^qt
0#uD&c
p(~w)~7
mvnF^q
j&9C%w
 .rbl,/!,
N>SCIXZ
\AIR0o
%vz#CI
PiX-d$
>@,I@?E6
*j8UV[_
	>B<4%
hQtQQII
lEXI>}?O
<433-I,
	@QQQ^JvI)
%kJ++JKJ
JOPg+X
kcLPn~k
r+MU-]nC
a```b@
^%iNqt
KI,I,O,JMO
iY:&'K
Y< amoD
^JF,w]n7P
z@*~H)
^SzOrla
Cjt'yIE
rSKr,&
X9rjldU
qsg?n}
y1U+P}
O#H?[?
	-[VU1
tveeS#
Q+Xu<V
%`sBIzb
/<\k;z
\/()w\
O/<kFY
p`J*:r1
,]AEU*
#1OzSb
.M"~&>
3$F%<N
<{,o~T
d>&!fH2E
@cs<&mZ
gx-b$3.&
ial;NG6
k>m\\W'a
zx-TRFH<
eom){so
	F?Ch?Sh
'~}+o>
ao,ao$
k+80Sz
zS}uAJ
-:k5q>y
D)Vd{VZ
v_{m\M
^C>k2-
2]S551(
J*Qh\Nu9
Qx%% +L
~/rezYT.
:WX&SM
[+s#kfF
;nlz:2
>Mxd.aE
?=9_L{
{ujCc{
)MlLmB
eSeS='SI
2ZNX`9b
5=DYW<
=9?z:r
s\UN.U
lnmuz4
h#JCea
VU/V5H
+P{/ug
NG(u59
t>5uQ#"1
jrA=8__
3f<7++
?$:q0M